[jira] [Commented] (PDFBOX-5521) Signing tries to set byteRange of old signature

Wed, 28 Sep 2022 01:37:06 -0700 


    [ 
https://issues.apache.org/jira/browse/PDFBOX-5521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17610436#comment-17610436
 ] 

Michael Klink commented on PDFBOX-5521:
---------------------------------------

{quote}COSWriter code hits an "old" signature that is (for whatever reason, 
maybe it was incorrectly included) present in the incremental part.{quote}

Most likely the problem signature in question is the usage rights signature. 
(The message "This document enabled extended features in Adobe Acrobat Reader." 
indicates that there is a usage rights signature in the PDF in question.)

In contrast to other signatures, a usage rights signature dictionary need not 
be an indirect object, it may be a direct object in the *Perms* dictionary 
which in turn may be a direct object in the catalog dictionary. Thus, such a 
usage rights signature may occur again and again in each incremental update 
touching the catalog.

In particular such a recurring usage rights signature is not _incorrectly 
included_ and the PDFBox signing code must be able to recognize that its 
signature dictionary is not the dictionary of the currently to sign signature 
field.

> Signing tries to set byteRange of old signature
> -----------------------------------------------
>
>                 Key: PDFBOX-5521
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-5521
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Signing
>    Affects Versions: 2.0.27
>            Reporter: Tilman Hausherr
>            Assignee: Tilman Hausherr
>            Priority: Major
>             Fix For: 2.0.28, 3.0.0 PDFBox
>
>
> A long bug report on the users mailing lists leads to the finding that the 
> COSWriter code hits an "old" signature that is (for whatever reason, maybe it 
> was incorrectly included) present in the incremental part. The signing then 
> fails because the byte range to be written is longer than the existing byte 
> range.
> To avoid this, we improve signature detection by checking that the size 
> indicated by byteRange is higher than the existing PDF size.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org

Reply via email to